Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#11037 closed (duplicate)

Support HTTPOnly cookie for HttpResponse.set_cookie

Reported by: hvendelbo Owned by: nobody
Component: HTTP handling Version: master
Severity: Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


Most browsers has some support for HTTPOnly cookies. It provides some protection against XSS attacks.

I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag.

Attachments (1)

Change History (4)

comment:1 Changed 7 years ago by mattmcc

  • Has patch unset
  • milestone 1.1 deleted
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Design decision needed

It's too late for new features in 1.1.

comment:2 Changed 7 years ago by mrts

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #3304. Please search the existing ticket list before submitting new tickets.

comment:3 Changed 7 years ago by hvendelbo

I did search for httponly and set_cookie, didn't find anything

Anyway, I added a couple of doctests for HttpResponse that might be useful

Note: See TracTickets for help on using tickets.
Back to Top